Hey team —
I’m concerned the person in the post below is attempting to use a vulnerability on the gw2 website to obtain user’s account login details -- unfortunately, this could be done by almost anybody very easily to trick a user since they will be entering their account information on your actual website with no idea that it will be redirected to somebody untrustedhttp://www.guildwars2guru.com/topic/78397-news-on-the-gw2-extension-im-working-on/
I believe this could be prevented by restricting the allowable redirect_uri from your login page to trusted domains
It’s also possible I am misunderstanding things, but wanted to bring to your attention
Cheers